iamsserver

How to bypass password prompt on AirVPN OSX client startup?


Hi,

 

Every time I start up the AirVPN client on OS X, it prompts for admin credentials ("AirVPN wants to make changes. Type your password to allow this.").

 

My situation is such that I need to launch AirVPN automatically and unintrusively on computer startup, without this dialog popping up every time. I've tried changing the owner of the app to root, and I've also tried an AppleScript as such:

 

do shell script "sudo open -a /Applications/AirVPN.app" user name "User" password "PW" with administrator privileges

 

but still no go, keeps asking for privileges.

 

Is there a certain file that AirVPN is trying to modify that should perhaps be writable? Or how do I otherwise get around this?

 

I've seen several similar threads on this forum, but so far no answer. This is crucial for me to keep using AirVPN service. If it is not possible, please let me know as well so I can look for a different solution.

 

Thank you for your time!


Hi,

It's not about AirVPN's app for OS X, it's about the way OS X permissions work.

 

There is a mechanism that prevents apps from accessing the keychain without a password prompt, so what you simply have to do (for any app on OS X) is just to follow the instructions here:

 

http://support.apple.com/kb/PH13737

 

If you want to read about it more, you can find a discussion here:

 

https://discussions.apple.com/thread/4010007?tstart=0

 

 

Regards


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.


Thanks for your reply.

 

This is definitely worth looking into and I will post back if I find the solution, but unless I'm mistaken I don't think the app is trying to access a keychain. Usually when you get a prompt like that, it will say something like "xxx.app wants to access your keychain" with options "allow", "deny", and "always allow" (as pointed out in your first link). In this case the options are not there, and it just says "AirVPN wants to make changes". The AirVPN app is nowhere to be found in the keychain utility, and I can't seem to be able to add it manually either.

 

Any ideas?


Sorry, I thought you meant the checkbox where you can choose to save the AirVPN credentials.

 

In order to run OpenVPN clients, on any OS as far as I know, you need admin privileges.

 

On OS X, since you are using a GUI (Cocoa) app, you will need to pass those auth credentials to Cocoa and not to a terminal app, so you will need a tool called cocoasudo:

 

http://www.performantdesign.com/2009/10/26/cocoasudo-a-graphical-cocoa-based-alternative-to-sudo/

 

But, it is really not recommended, for multiple reasons.

First, you can keep the client running; it almost doesn't consume any significant OS resources, so it is not something you might want to open/close frequently.

 

Second, as history shows, the Viscosity guys already tried to do something like that in their OS X client, by installing a "helper" object to the OS, which was actually a suid binary.

Later, a local root exploit was found and published publicly:

http://git.zx2c4.com/Viscatory/tree/viscatory.sh

 

So I would not recommend providing any 3rd-party app with permanent admin access, just from the security point of view.

 

Regards



Thanks for the suggestion, however cocoasudo doesn't work afaics, I get prompted for the password twice :-)

 

So is there perhaps a way I can connect to AirVPN without the GUI client?

 

As I've mentioned, my situation is such that AirVPN will need to be connected all the time, and the computer can be restarted or turned off, so it needs to be done at startup I guess. I can keep the client running all the time (actually, I have to!), but as far as restarting the computer that would have no effect, right?


I use Viscosity. I have it set to connect at login and re-connect after wake-from-sleep. I never have to do anything... as long as the computer is awake, I'm logged in and using the VPN (unless I choose to disconnect). Generate a few config files for different servers, and they show up in a drop-down list so you can switch servers as you wish. The only downside is, you don't get to see live server stats, but that's no big deal. S.O.A. has even provided a killswitch for Viscosity that works perfectly:

 

https://airvpn.org/topic/12665-viscosity-vpn-killswitch-for-mac-and-windows/

 

I've been tempted to try Eddie, but Viscosity works so well without any input from me that I can't see any benefit to changing. 

 

So is there perhaps a way I can connect to AirVPN without the GUI client?


Hi

 

Is there a way of disabling OS X's prompt for a system password every time the AirVPN client is launched? Ideally I'd like to tell the app it's okay to always launch.

 

Thanks

Did you find out how to do this??? Just started using AirVPN and been searching for the same thing... always asked for password, let me know?


I did try a unix method of setuid before and it worked until I updated Eddie... Can anyone from support let me know what binary is actually causing this (or a way to find this out) so I can give setuid to that?

 

For clarity this is the command I used to use:

 

sudo chmod 4755 /Applications/AirVPN.app/Contents/MacOS/AirVPN


I did try a unix method of setuid before and it worked until I updated Eddie... Can anyone from support let me know what binary is actually causing this (or a way to find this out) so I can give setuid to that?

 

For clarity this is the command I used to use:

 

sudo chmod 4755 /Applications/AirVPN.app/Contents/MacOS/AirVPN

 

Realised why this won't work: I own the binary and I'm not root...

 

So! The way to do this so any user on the system can run Eddie with root privs is this:

 

DISCLOSURE: This method is not very safe. If a vulnerability is discovered in Eddie, it could potentially lead to system compromise; this is because Eddie will be running as root! Putting it bluntly, if you don't know why this is, I suggest you put up with the password box... This circumvents OSX's security.

 

sudo chown root /Applications/AirVPN.app/Contents/MacOS/AirVPN

sudo chmod 4755 /Applications/AirVPN.app/Contents/MacOS/AirVPN

Link to post
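To check whether a machine is in the state the commands above produce (an app-bundle binary carrying the setuid bit), the following audit is an added example, not part of the original posts or of AirVPN's tooling; the function names and the directory argument are assumptions. It also separates the two cases the poster ran into: a setuid file owned by an ordinary user versus one owned by root.

```shell
#!/bin/sh
# Added example (not from the thread): find setuid/setgid files in app bundles.
# Function names and the directory argument are assumptions for illustration.

# Print "MODE UID PATH" for each setuid or setgid regular file under $1.
list_setid_files() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
    while IFS= read -r f; do
        # ls -ln works on macOS and Linux: field 1 is the mode, field 3 the numeric owner.
        meta=$(ls -ln "$f" | awk '{print $1, $3}')
        printf '%s %s\n' "$meta" "$f"
    done
}

# Label each finding by what the bit actually grants.
#   SETUID-ROOT  runs as root for every local user (owner uid 0 plus mode 4xxx)
#   SETUID-USER  runs as a non-root owner; grants no root privileges
#   SETGID       runs with the file's group
audit_bundles() {
    list_setid_files "$1" | while read -r mode uid path; do
        case "$mode" in
            ???[sS]*) if [ "$uid" -eq 0 ]; then label=SETUID-ROOT; else label=SETUID-USER; fi ;;
            *)        label=SETGID ;;
        esac
        printf '%s\t%s\t%s\n' "$label" "$mode" "$path"
    done
}

# Stand-alone use: sh audit.sh /Applications
if [ "$#" -gt 0 ]; then
    audit_bundles "$1"
fi
```

A finding is cleared with `sudo chmod u-s <path>`, after which the binary again runs with the launching user's privileges.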

Hi

 

I have searched the forum and there is no answer given.

 

Why does the AirVPN Client App for Mac OS X not launch without a password prompt, like other VPN Client software does, like with Cyberghost VPN? Cyberghost does not have a password prompt at startup of their client software like yours does. Can you not fix that?

 

Is there a way of disabling OS X's prompt for a system password every time the AirVPN client is launched? Ideally I'd like to tell the app it's okay to always launch.

 

 

Thanks


 

Hi

 

I have searched the forum and there is no answer given.

 

Why does the AirVPN Client App for Mac OS X not launch without a password prompt, like other VPN Client software does, like with Cyberghost VPN? Cyberghost does not have a password prompt at startup of their client software like yours does. Can you not fix that?

 

Is there a way of disabling OS X's prompt for a system password every time the AirVPN client is launched? Ideally I'd like to tell the app it's okay to always launch.

 

 

Thanks

Hello, TotalHealth,

 

If it doesn't come from Applestore, you will get that prompt.

 

Here's my easy workaround. I leave AirVPN loaded, but click on the icon in the upper right corner of my Macbook and, in the second row down, click disconnect; it leaves the program loaded but disconnects from AirVPN. Then when I want to reconnect, I click the same icon and click main window; it brings up the Eddie main window and I connect to my preferred server. That way, I do not have to go through the password permission process, nor reload Eddie every time.


Guys, one of the El Capitan features is "Rootless", also called SIP (the official name, "System Integrity Protection", is more accurate). What it really does is limit the power of the root account, so that even if you become root, you don't have full control over the system.
So is it safe to give root access to Eddie in El Capitan?
I gave root access to it by typing the commands in Terminal that were written above in this thread, and it no longer asks for a password.
You can read more about it here: https://apple.stackexchange.com/questions/193368/what-is-the-rootless-feature-in-el-capitan-really


Hi

 

I have searched the forum and there is no answer given.

 

Why does the AirVPN Client App for Mac OS X not launch without a password prompt, like other VPN Client software does, like with Cyberghost VPN? Cyberghost does not have a password prompt at startup of their client software like yours does. Can you not fix that?

 

 

 

There's nothing to fix, the password prompt is correct, intentional and must NOT be removed. See what happened with Viscosity. Probably some users here wrote without even reading the previous messages. Topic locked.

 

Kind regards

This topic is now closed to further replies.
